Skip to main content

Overview

Offergrid uses Team API Keys for authentication. Your API key identifies your organization and determines whether you have provider, reseller, or hybrid access to the platform.

Getting Your API Key

Step 1: Sign In to Offergrid

Visit offergrid.io and sign in to your account.

Step 2: Navigate to Settings

Go to your team settings or API settings page in the dashboard.

Step 3: Generate an API Key

Click Generate New API Key and securely save the key. You won’t be able to see it again after leaving the page.
Keep your API key secure and never expose it in client-side code, public repositories, or version control systems. Treat it like a password.

Using Your API Key

Include your API key in the x-api-key header with every API request: 
curl https://api.offergrid.io/provider/offers \
  -H "x-api-key: YOUR_TEAM_API_KEY"

Example Requests

const response = await fetch('https://api.offergrid.io/provider/offers', {
  method: 'GET',
  headers: {
    'x-api-key': process.env.OFFERGRID_API_KEY,
  },
});

const offers = await response.json();

API Key Permissions

Your API key’s permissions are based on your team’s role:

Provider Access

If your team is registered as a provider, you can access:
  • /provider/offers - Create and manage service offerings
  • /provider/orders - View and fulfill orders from resellers

Reseller Access

If your team is registered as a reseller, you can access:
  • /reseller/catalog - Browse available service offers
  • /reseller/orders - Place and track orders

Hybrid Access

Some teams have both provider and reseller roles. Hybrid teams can access all endpoints with the same API key.

Best Practices

Use environment variables or secure key management systems (like AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault) to store API keys. Never hardcode keys in your application code.
Generate new API keys periodically and revoke old ones to minimize security risks.
Use separate API keys for development, staging, and production environments.
Track API key usage in your Offergrid dashboard to detect any unusual activity.
If you suspect an API key has been exposed, revoke it immediately and generate a new one.

API Base URLs

https://api.offergrid.io
Use this URL for production workloads and live customer transactions.

Error Responses

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "statusCode": 401,
  "message": "Unauthorized - invalid API key",
  "error": "Unauthorized"
}
Common authentication errors:
  • Missing API key: The x-api-key header was not provided
  • Invalid API key: The provided key doesn’t exist or has been revoked
  • Insufficient permissions: Your team role doesn’t have access to the requested endpoint

Need Help?

If you’re having trouble with authentication:
  • Check that you’re using the correct header name (x-api-key)
  • Verify that your API key hasn’t been revoked
  • Ensure your team has the appropriate provider or reseller role
  • Contact support at support@offergrid.io